TSB IT Failures

Tony Devenish: Can you confirm the GLA and its functional bodies/partners (LFB, TfL and the Met Police etc.) have reviewed the Slaughter and May report on TSB's IT failures for "lessons learnt", and to ensure GLA family organisations don't fall foul of these troubling issues? Please be specific on what actions have taken place or are underway.

The Mayor: Please see below the various responses from the GLA and functional bodies:
GLA Response
The report highlights the need for proper testing, to be undertaken using a platform that accurately reflects the live environment and for that to be undertaken at a scale that reflects what will be required when a service goes live. It also covers realistic planning – with achievable milestones and that IT solutions need a suitably robust infrastructure in place prior to go live.
The GLA Technology Group have robust standards in place for system development and the deployment of those solutions into a live environment. All systems are tested in a test environment that mirrors the live environment – and run on a suitably robust infrastructure.
The report is being reviewed by the Development Manager and the Programme Manager of the Technology Group to see if there are any lessons that can be learnt by the GLA from the report.
MPS Response
The Slaughter & May report was only made available on 9December 2019; key issues can be summarised as follows:
It was a very significant migration of 5 million users.The solution was designed and built rather than an off the shelf solution selected.They opted for a single event migration and were the first in class to do so.The timescale was ambitious with testing inadequate.Support for scale of project not in place and there was a lack of oversight.
The Met Digital Strategy is to procure off the shelf solutions that have been proven elsewhere, thus avoiding the risk of being the first to implement a new solution. The Met is of course a large police force so avoids a single event migration as we saw at TSB. The Met Digital Team have a mature gated process for the transition of projects from initiation to delivery and into service, and projects do not pass those handover points unless testing is complete, and all prerequisites are in place. Where appropriate, independent advice is sought via audit and/or external validation of plans and approaches.
TfLResponse
Transport for London (TfL) has had a chance to review the core events outlined in the Slaughter and May report. TfL is responsible for many systems, including many that hold substantial customer information and has a robust process for system development, integration and testing.
In nearly all cases, TfL avoids a single event migration by letting systems run in parallel. In cases where that is not possible, data migration needs are identified early and built into the system design and migration plans.
All IT systems are exposed to the sorts of risks outlined in the Slaughter and May report and TfLhas benefitted from the report being available in the public domain.
LFC response
The Slaughter and May report was made available on 9 December 2019 and London Fire Brigade (LFB) has not had an opportunity to examine it in depth.
The main issues raised are related to poor project governance, testing, unnecessary time constraints and lack of overview of suppliers. LFB has a robust and tested project governance process, overseen by a dedicated project management office. The risks and issues raised as part of any LFB project would be picked up as part of this governance process and communicated to senior stakeholders in a timely and transparent manner. Where LFB utilises external contractors as part of a project delivery, these contractors are carefully evaluated as part of the procurement process.